Card-not-present transactions push payments fraud rates higher 16 June 2015 3:24PM John Kavanagh Payments fraud increased last year and the increase was almost entirely due to card-not-present fraud.According to the latest Australian Payments Clearing Association report on payment fraud (which covers cards and cheques), the cost of fraud grew from 16.2 cents per A$1000 spent in 2013 to 20.8 cents last year. The total cost was $393.1 million. Card-not-present fraud, which includes payments made online, by telephone or by mail, accounted for 94 per cent of the increase. The card fraud rate rose from 46.6 cents per $1000 spent in 2013 to 58.8 cents last year. In dollar terms, that was an increase from $291 million in 2013 to $387 million last year.The proportion of card-not-present fraud has increased from 52 per cent of all payments fraud in 2009 to 77 per cent last year."Card activity in the card-not-present environment represents about 40 per cent of the total value of Australian credit card purchases and nearly 25 per cent of debit card purchases," APCA said in a statement.APCA said this increase was in line with international trends. It said fraudsters were targeting online payments because chip technology had been effective in reducing fraud where the card was present during the transaction.The proportion of counterfeit (or skimming) fraud has fallen from 32 per cent of all payments fraud in 2009 to 11 per cent last year.However, skimming increased last year because of attacks on ATMs. APCA chief executive Chris Hamilton said the industry was in the process of moving its ATM fleet from magnetic stripe readers to chip readers.Hamilton said the introduction of tokenisation into the local market would help reduce card-not-present fraud. The technology replaces a consumer's 16-digit card number with a unique series of numbers when making a payment.Tokens can be restricted to specific "use cases" or "domains", such as particular e-commerce channels, merchants or even mobile phones. The token's value as a security system is that if anyone attempts to use it in a different domain, the transaction will be flagged as fraudulent and declined.